package com.cnfangmao.masterdata.shiro;

import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;

import com.cnfangmao.masterdata.common.utils.SpringUtil;
import com.cnfangmao.masterdata.dao.PermissionDao;
import com.cnfangmao.masterdata.model.Permission;


/**
 * @author cxz
 * @date 2020-4-16 16:31
 */

@Configuration
public class ShiroConfig {
	    /**
	     * 创建ShiroFilterFactoryBean
	     */
	    @Bean
	    public ShiroFilterFactoryBean getShiroFileRacotryBean(@Qualifier("securityManager") DefaultWebSecurityManager securityManager){
	        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
	        //设置安全管理器
	        shiroFilterFactoryBean.setSecurityManager(securityManager);
	        /*添加shiro内置过滤器，可以实现权限相关的拦截
	         *    常用的过滤器：
	         *       anon: 无需认证（登录）可以访问
	         *       authc: 必须认证才可以访问
	         *       user: 如果使用rememberMe的功能可以直接访问
	         *       perms： 该资源必须得到资源权限才可以访问
	         *       role: 该资源必须得到角色权限才可以访问
	        * */
	        Map<String,String> filterMap = new LinkedHashMap <>();
	        filterMap.put("/auth/login.do","anon");
	        filterMap.put("/auth/logout.do","anon");
	        filterMap.put("/swagger-ui.html", "anon");
	        filterMap.put("/webjars/**", "anon");
	        filterMap.put("/v2/**", "anon");
	        filterMap.put("/swagger-resources/**", "anon");	
	        filterMap.put("/**","authc");

	      
	        //设置未授权提示页面
	        shiroFilterFactoryBean.setUnauthorizedUrl("/unAuth");
	        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
	        
	        return shiroFilterFactoryBean;
	    }

	    /**
	     * 创建DefaultWebSecurityManager
	     */
	    @Bean(name = "securityManager")
	    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("myShiroRealm")MyShiroRealm userRealm){
	        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
	        //关联realm
	        securityManager.setRealm(userRealm);
	        return securityManager;
	    }

	    /**
	     * 创建Realm
	     * 备注：@bean是注释到spring的容器中
	     */
	    @Bean(name = "myShiroRealm")
	    public MyShiroRealm getRealm(){
	        return new MyShiroRealm();
	    }
	    
	    /**
		 * Shiro生命周期处理器
		 * 
		 * @return
		 */
		@Bean
		public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
			return new LifecycleBeanPostProcessor();
		}
	    /**
		 * 开启Shiro的注解(如@RequiresRoles,@RequiresPermissions),
		 * 需借助SpringAOP扫描使用Shiro注解的类,并在必要时进行安全逻辑验证
		 * 
		 * @return
		 */
		@Bean
		@DependsOn({ "lifecycleBeanPostProcessor" })
		public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
			DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
			advisorAutoProxyCreator.setProxyTargetClass(true);
			return advisorAutoProxyCreator;
		}

		@Bean
		public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
			AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
			authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
			return authorizationAttributeSourceAdvisor;
		}
}
